Outlier Detection Method for Mobile Banking with User Input Pattern and E-finance Transaction Pattern

  • Min, Hee Yeon (Graduate School of Information Security, Korea University) ;
  • Park, Jin Hyung (Graduate School of Information Security, Korea University) ;
  • Lee, Dong Hoon (Graduate School of Information Security, Korea University) ;
  • Kim, In Seok (Graduate School of Information Security, Korea University)
  • Received : 2013.10.24
  • Accepted : 2013.11.22
  • Published : 2014.02.28

Abstract

As transactions conducted through mobile banking continue to increase, threats to mobile financial security are also increasing. A mobile banking service performs financial transactions through a dedicated application made by a financial corporation, and it provides the same services as the internet banking service. Personal information stored in the mobile banking application, such as a credit card number, can be used for additional attacks following a malicious attack or the loss of the mobile device. Therefore, to cope with mobile financial accidents caused by the exposure of personal information, this paper suggests an outlier detection method that can judge whether a transaction is conducted by the appropriate user. The method utilizes the user's input patterns and transaction patterns when the user uses the banking service on a mobile device. Input pattern and transaction pattern data contain information that can be used to discern a particular user. Thus, if these data are utilized appropriately, they can serve to distinguish abnormal transactions from transactions made by the appropriate user. For the experiment, we collected user input pattern data on a smartphone, and as transaction pattern data we used the experimental data that a domestic financial corporation uses to detect outliers. A detection experiment based on the collected input and transaction pattern data verifies that our proposal can detect abnormal transactions efficiently.
